[dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough

Milan Broz gmazyland at gmail.com
Thu Feb 14 17:57:27 CET 2013


On 02/14/2013 05:39 PM, .. ink .. wrote:
> 
> wouldnt it be better to just cut off the key at the 65th character
> instead of failing out?

> I did a test here.and I created a truecrypt volume with a key of 70
> characters and truecrypt created the volume and could open it but
> cryptsetup failed to open the volume.

which version? I tried it on some latest GUI and it did not allow me
to enter more than 64 chars.
But yes, trim passphrase and add warning message in verbose mode is perhaps better.

I do not like it but if it is how it is handled there...

> truecrypt seem to handle a key with longer length and use only the
> length it needs and i think cryptsetup should do the same.It will be
> odd to users of cryptsetup when their passphrase works with truecrypt
> but fail with cryptsetup

Btw if anyone interested why there is 64 char limit - from Truecrypt 1.0 changelog:

"* The maximum volume password length has been decreased from 100 to 64 characters.
This was necessary to avoid the following: When a password longer than 64 characters
was passed to HMAC-SHA-1, the whole password was first hashed using SHA-1 and the resultant
160-bit value was then used instead of the original password (which complies with
HMAC-SHA-1 specification), thus the password length was in fact reduced."

Milan


More information about the dm-crypt mailing list